<%@ page import="java.sql.*" %>
<%@ page import="com.nxcy.mysql.DBUtils" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>

<%
    String username=request.getParameter("username");
    String password=request.getParameter("password");

    DBUtils db=new DBUtils();
   PreparedStatement pstmt=db.getPreparedStatement("SELECT * from t_user t WHERE (t.username=? or t.phone=? or t.sno=?) AND t.`password`=?");
   pstmt.setString(1,username);
   pstmt.setString(2,username);
   pstmt.setString(3,username);
   pstmt.setString(4,password);
    try{
           ResultSet rs= pstmt.executeQuery();
           if(rs.next()){
               session.setAttribute("name",rs.getString("name"));
               response.sendRedirect("index.jsp");
           }else{
               request.setAttribute("msg","用户名密码错误");
               request.getRequestDispatcher("login.jsp").forward(request,response);
           }
    }catch (Exception e){

    }finally {
        db.close();
    }
%>
